Cybersecurity and Small Businesses
It seems that no business is too small to be a target of ransomware. Ponemon Institute, a research company that focuses on information management topics, recently conducted a survey of small and mid-size businesses regarding ransomware attacks. The survey, sponsored by Carbonite, a cloud back-up company, found that 51% of the responding SMBs were attacked. Of the survey respondents, 30% of them had 200 or fewer employees. And most cybersecurity experts expect ransomware attacks to continue to increase.
In fact, the survey indicates that businesses are frequently attacked numerous times. It was found that companies were attacked an average of 4 times in a nine month period. Those companies that paid sent the money most frequently by bitcoin or cash. The average amount was $2,500. Good news is that 52% of the respondents did not pay the ransom because they had full backup. The survey queried the respondents regarding how the ransom attack occurred and the majority – 43% – responded that they were attacked through a phishing scheme and an additional 30% said the attack came through an insecure or spoofed website.
Impacts of ransomware attacks The survey asked about the consequences of an attack. Increased technology investments after an attack was a key impact, accordingly to respondents. Additional, lost customers and lost money were key impacts. Even though the ransom amount may not have been huge to many victims, the cost can be significantly more than the direct payment to the criminals.
Fear of Publicity Many respondents that were attacked said they did not report the attack for fear of publicity. Companies should discuss any attack confidentiality with their trusted law enforcement representative. Without all the facts, it is hard for the FBI to identify cybercriminal trends and identities quickly. Businesses can help solve the problem by reporting incidents.
What Your Business Can Do Hopefully by now you have a strong backup process in place. Your cybersecurity specialist should be monitoring that you frequently backup your entire database and files – at least weekly if not daily. Interim backups for hourly or daily information is also important. The full back ups should be stored safely offsite, either in the cloud or in a secure location. For businesses with significant amount of sensitive or key data, multiple full backups, each stored at a different location, are a prudent action. Continue to educate staff on phishing scams and how to identify bogus websites. Consider a “cybersecurity minute” every Monday morning to help staff remain ever vigilant. If your website is not yet a secure site, talk with your cybersecurity specialist about ways to secure it. You can also find out information on website security from your site hosting provider. If they charge extra for added security, evaluate it as one type of possible inexpensive insurance against future attacks.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.